Loosen those purse strings and hire a CISO

As?hackers become bolder?with malicious ransomware and security breaches,?many companies still do not have top cyber security personal.?I don’t get it!?These are a few reasons?I?know?hiring chief information security officers is a smart investment.?

Loosen those purse strings and hire a CISO,?already?

COVID-19?has?forced many?companies?to?shift their?physical?operations to?digital arenas, everything from?HR and meetings to sales and marketing.?

Most?companies,?along with their consumers and employees,?are enjoying?the freedom, convenience, and flexibility that?comes from moving everything from paper into the digital reality,?as they should.??

Just one problem:?criminals?and scammers?are?also?enjoying this increased dependency on digital tools.?Sitting?in office-like environments and operating as a highly sophisticated organized crime unit,?they?can deploy ransomware and other malicious programs to steal information and hold it for?ransom.????

It’s not just small companies that are falling prey,?either.?Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., was?recently?forced to pay millions in Bitcoin?after its computerized systems were crippled by a cyberattack. Some of that money was recovered by the feds, but you probably wouldn’t be that lucky.?

Then, earlier?this month,?PBS reported?on?the?Kaesaya?breach,?the largest ransomware attack to date.?Keasaya?provides thousands of companies with an IT management tool.?The breach?compromised hundreds of?those companies, while the hackers demanded?over $70 million in Bitcoin to release the data.?

So, whoops!?

Stop?making excuses?

To me, the first response?is?to hire a chief information security officer?who can develop a top-down comprehensive cybersecurity program.?Compared to the thousands,?or even millions,?of dollars?companies often pay in?ransom,?it’s a much better investment.?There’s also the?tarnished publish image?you don’t have to fix.?

Also consider this:?When consumers look at a company’s website and the staff doesn’t include a CISO,?then the message is clear: the company doesn’t care about protecting and securing?their?data.?

And yet CISOs remain uncommon.?

Company policymakers such as owners, boards of directors and?CEOs,?need to?understand CISOs?have separate and irreplaceable expertise.?Too often, it’s assumed that a Cyber Security program can be created, rolled out, and managed without a CISO, that approach is least effective as a CISO that reports to the CEO will have overall strategy view and the expertise to manage the risks. ?

Making it happen?

Think outside the Box for a CISO candidate, experience is worth its weight in gold.

DO NOT get stuck on education, school is not for everyone. By requiring an BS, MS or an MBA for CISO candidates you are missing out on amazing candidates that formal schooling was not for them. Substitute a degree requirement with experience

DO NOT LIMIT the candidates to one industry (e.g. A candidates from manufacturing) Diversity of experience from different industries and verticals is an important aspect of a good CISO candidate. There is more than one way to protect assets and having experience on how to protect assets in different industries is an important key aspect.

Follow the Marines 70% rule, if a CISO candidate has 70% of what you are looking for hire them. Don’t wait to 100% it will most likely never come.

If you’re still not convinced?a?CISO is worth the salary, you can find a virtual or part-time?CISO. They won’t know the company as well, but they’re still a better option than hoping and praying.

Plus,?if you’ve gone remote, what are you doing?with all the money saved on?rent??Spend it on peace of mind.